Avast WEBforum
Other => Viruses and worms => Topic started by: REDACTED on April 12, 2016, 08:56:39 PM
-
Hello!
Would appreciate it if you guys could guide me through the process for cleaning my infected computer. I've gone through the process before but I forgot what I have to download and post on the forum.
Please help out, thank you!
-
If you can also give a brief outline of what is happening.
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and start attaching the logs here, not in the LOGS topic.
-
Hello!
Here are the required attachments.
Thank you very much!
-
What is happening:
An app called Chromium was automatically downloaded onto my computer without my permission as well as Bytefence Anti-Malware.
The Bytefence Anti-Malware program pops up randomly at times saying that it blocked something because it is infectious.
Thank you.
-
A malware removal specialist has been informed of your topic.
-
First, could you uninstall ByteFence Anti-Malware?
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [254264 2016-04-12] ()
2016-04-13 03:10 - 2016-04-13 03:10 - 00000000 ____D C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
2016-04-12 15:01 - 2016-04-12 15:01 - 00000000 ____D C:\ProgramData\ByteFence
2016-04-12 14:51 - 2016-04-12 14:51 - 00003478 _____ C:\Windows\System32\Tasks\ByteFence Scan
2016-04-12 14:51 - 2016-04-12 14:51 - 00003376 _____ C:\Windows\System32\Tasks\ByteFence
2016-04-12 14:51 - 2016-04-12 14:51 - 00002266 _____ C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2016-04-12 14:51 - 2016-04-12 14:51 - 00002258 _____ C:\Users\john\Desktop\Chromium.lnk
2016-04-12 14:51 - 2016-04-12 14:51 - 00000000 ____D C:\Users\john\AppData\Local\Chromium
2016-04-12 14:50 - 2016-04-13 19:44 - 00000000 ____D C:\Program Files\ByteFence
2016-04-12 14:50 - 2016-04-12 14:51 - 00000000 ____D C:\Users\john\AppData\Local\{2220147C-0688-78C4-6B10-5D2C4F78A1B4}
2016-04-12 14:50 - 2016-04-12 14:50 - 01212136 _____ (DotNes ) C:\Users\john\Downloads\mike_tysons_punch_out [1].exe
Task: {2160B34A-D92D-4183-9B34-4F4007657ED7} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2016-03-28] (Byte Technologies LLC)
Task: {A2A8DE97-6EA4-40AE-A33B-D715EB6E6B01} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2016-03-28] (Byte Technologies LLC)
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
(https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Run FRST and press Fix.
On completion a log will be generated; please post that.
THEN
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete, click on "Clean".
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S0].txt as well.
-
Here are the final logs.
Thank you!
-
How is the computer now?